Overview

overview

10

Static

static

aggah.ps1

windows10-1703-x64

10

aggah.ps1

windows7-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aggah.ps1

  • Size

    1.1MB

  • Sample

    221206-z6p32sgh4s

  • MD5

    8763a2445fde1b8c315ac06e4123207a

  • SHA1

    84e8a98f70acce9988adf826ca0c52aaf66b21c2

  • SHA256

    fa8f6002a8d571256dc88960a69ab44c7cbf65227c45e5b4750007d5749bbd44

  • SHA512

    57b8fa11f322fd4f39608fa511b21c4560c9812743dfe57f49297995aad57b2945c0d370e12aa343cb84374126eb3bb51a20555db564255963512a19793cde4f

  • SSDEEP

    12288:Cjx24c7RmYLQoSlhO5vLIyEDlzvOLHCKzR6VpPXncijT9L:CeRm6QoSlhOXqrOLHCn4ijTN

Score
10/10
collectionpersistence

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    195.178.120.64
  • Port:
    21
  • Username:
    ashgdlkhfg3
  • Password:
    jfghfjg]45

Targets

    • Target

      aggah.ps1

    • Size

      1.1MB

    • MD5

      8763a2445fde1b8c315ac06e4123207a

    • SHA1

      84e8a98f70acce9988adf826ca0c52aaf66b21c2

    • SHA256

      fa8f6002a8d571256dc88960a69ab44c7cbf65227c45e5b4750007d5749bbd44

    • SHA512

      57b8fa11f322fd4f39608fa511b21c4560c9812743dfe57f49297995aad57b2945c0d370e12aa343cb84374126eb3bb51a20555db564255963512a19793cde4f

    • SSDEEP

      12288:Cjx24c7RmYLQoSlhO5vLIyEDlzvOLHCKzR6VpPXncijT9L:CeRm6QoSlhOXqrOLHCn4ijTN

    Score
    10/10
    collectionpersistence

    • Registers COM server for autorun

      persistence

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks